Lightweight Facebook social engineering scam

Published: 2008-12-29
Last Updated: 2008-12-29 23:19:11 UTC
by Toby Kohlenberg (Version: 1)
1 comment(s)

We've gotten reports (thanks to Steve who first reported it) of Facebook users receiving messages indicating that their photos have been stolen and posted to a different site ( and When you go to the sites, they request name, email and a password and then show you a picture of a monkey as a joke. However, if you enter your facebook account info, all your friends are sent the following message:

"Have been uploading your pics on blinksnap-com-go there

Has anyone informed you your photos are on cheepfry-com-go there" 

This doesn't have to be a huge threat. It's only an issue if you are silly enough to provide it with meaningful credentials if you reply at all. Please folk, remember to use unique credentials and don't give away your username/password.

UPDATE: Jeff pointed out that many/most of the sites that are connected to this scam seem to be using an IFRAME pointing at and most of the sites are resolving to a single IP address -

1 comment(s)


Here is another site as well:

"Are you aware that your pictures are on thumprush-com-check it out"

To see your Wall or to write on Kylie's Wall, follow the link below:

The Facebook Team

Diary Archives